Re: Problem with ACS

From: Greg Wendel (gwendel@gmail.com)
Date: Wed Apr 11 2007 - 00:13:29 ART

• Next message: Usman Ali: "test mail plz ignore"
• Previous message: Keith Bizzell: "DHCP IEWBv4 9.1"
• Maybe in reply to: CCDesire: "Problem with ACS"
• Next in thread: Luu Hoang Dung: "RE: Problem with ACS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I would guess your problem is that you are missing the ip tacacs
source-interface command

On 4/10/07, Marvin Greenlee <marvin@ipexpert.com> wrote:
>
> Are there other devices in the data path between your router and the ACS
> server?
>
> Do you get the same response (connection is refused) if you telnet from
> the
> router to the ACS server on TCP port 49 ?
>
> Are you getting this message when you try an authentication from the
> router
> locally (using the 'test aaa' command)?
>
> Do you only get the 'connection refused' when trying to connect to the
> router from somewhere else? If only when trying to connect to the router
> from somewhere else, is there any configured access-class/ACL blocking
> traffic to the router?
>
> Are you able to authenticate to the ACS server from the router using
> RADIUS?
>
> Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
> Senior Technical Instructor - IPexpert, Inc.
> "When Will You Be an IP Expert?"
> marvin@ipexpert.com
> http://www.IPexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> CCDesire
> Sent: Tuesday, April 10, 2007 9:37 PM
> To: 'Cisco certification'
> Subject: Problem with ACS
>
> Dear group,
>
> I have the following error message every time I try to authenticate
> routers
> to the Tacacs+ Server in Cisco Secure ACS:
>
>  Connection is refused by remote host
>
>
>
> I tried different ways to fix this problem but still unsuccessful.
>
> Router-to-be-authenticated can ping Server, all firewall on server are
> closed (ACS with W2K server).
>
> The hostname, the IP and the shared-key for the router is correctly
> configured.
>
>
>
> This is what I configured about authentication:
>
> Aaa new-model
>
> Aaa authen login default group tacacs local
>
>
>
> Tacacs-server host 206.222.152.1 single
>
> Tacacs-server key ventu
>
>
>
>
>
> Pls help me troubleshoot this problem.
>
>
>
>
> --
> Internal Virus Database is out-of-date.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.17/731 - Release Date: 3/23/2007
> 3:27 PM
>
>
>
> --
> Internal Virus Database is out-of-date.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.17/731 - Release Date: 3/23/2007
> 3:27 PM
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>

--
Gregory Wendel
Springfield VA, 22153

• Next message: Usman Ali: "test mail plz ignore"
• Previous message: Keith Bizzell: "DHCP IEWBv4 9.1"
• Maybe in reply to: CCDesire: "Problem with ACS"
• Next in thread: Luu Hoang Dung: "RE: Problem with ACS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART